Sunday, April 9, 2017

Updated: Datalogging with Google Sheets in 2017

In 2011 I posted an article about datalogging with Google Sheets.  I just got a comment asking if the info was still valid.  Google Sheets has changed a lot in the last few years, so here is an updated tutorial for 2017.

1.  Go to Google Sheets
2.  Create a blank sheet

3.  Create a form

4.  Create a single question of type "short answer"

5.  When you've created the question "What is the temperature" with type "short answer" as above, close the tab in your browser.

6.  Reopen the spreadsheet from step 3.  You should now see:

If you don't see this, close and re-open the spreadsheet from Google Sheets.

7.  Google now stores all of your forms at Google Forms.  Go there and you should see the form you created in step 4.

8.  Click the SEND button

9.  Click the link icon to get a link to your form

10.  Copy/paste the link into your browser.  I'm using Chrome.

11.  After the form opens in your browser, hit ctrl+shift+i to open the developer console.

12.  Click the "Network" tab, and also click the option "Preserve Log".  Your screen should look like this:

13.  Type an answer in your form and hit submit.

14.  A bunch of stuff will appear in the Network tab.  This is the browser magic that happens in the background.  Scroll to the top and find the "formResponse" with type "document", like this:

15.  Click this line, and you'll be able to see more information.  The cool stuff will be the "general" tab and the "form data" tab as shown here:

16.  Now we have enough information to assemble a URL that simulates a form response.  The format is:

  • Your request URL: (copy/paste from the information above)
  • Add a question mark to the end of the request URL
  • Add entry.xxxxxx= after the question mark (copy from the "Form Data" section)
  • Paste that entire string into your browser's address bar and hit enter.
Here is an example using my spreadsheet:

If you copy/paste the above URL into your browser, you will append "11223344" into my example sheet.

Similarly, if you copy/paste this URL into your browser:

999999 will be appended into my example sheet.  I've made the sheet public and you can see the results instantly here.

If you follow the instructions above, you can do the same thing for your own sheets, and use them for datalogging, from IoT devices or really anything that is internet-enabled.

Have fun.

Saturday, April 1, 2017

Martian Notifier Teardown

I bought a Martian Notifier watch new from Amazon for $33.  This seemed to be the perfect 'smart' watch for me, it has only one line of text and has a battery life (for the 'smart' portion) of about five days.  The 'watch' portion uses a quartz movement and separate battery that will give you the time with real hands for about three years.  Although it is now on the market for more than 3 years, the liquidation price was attractive to me.

My Martian Notifier (with aftermarket nylon band)
I like the look of a nylon band (seems military-ish) so I bought this one originally for my Moto 360 (a pile of garbage that I returned after a week).  I still had this band and the 22mm size was a match for the Notifier, so on it goes:

Aftermarket 22mm nylon band on the Notifier

(Thinking about) Hacking the Notifier

I've been wearing the Notifier for a week now, and I like it.  However, as with any tech there are things I wish it did differently.

I can't find any evidence that anyone has tried to hack the Notifier's firmware yet.  So far I've been able to capture a firmware flash of the watch, but I've not tried to reflash it yet.  Martian created a Windows or Mac based Firmware upgrade tool that downloads the firmware and updates the watch.

I've got USB captures of this tool asking the watch for the firmware version as well as the entire upgrade process.

Before bricking my new watch, I wanted to know what kind of hardware was inside it, so I purchased a broken one on eBay for $5.  The broken watch was in perfect shape, so I charged it overnight to be sure it was dead.  The watch showed some signs of life, with the notification LED blinking red (solid red is normal for charging) but the watch never fully booting.  I took the watch apart and found that it had terminal water damage.  It was a good teardown candidate.

Notifier Teardown

Surprisingly, it seems no one has done a public teardown of this watch yet.  I did find this commercially available teardown report but to you have to buy it to read it.

Here's my ten-cent teardown.

Photo album of terrible photos here.

Martian Notifier Watch
  • Watch movement: Miyota 2025 2 hand quartz movement
  • Watch battery: 377 / SR626SW

Martian Notifier Layout

Martian Notifier Connected Device Hardware Details
  • Battery: AE292025P -- marked as containing lead -- LiPoly? 
    • 3.7V (?), 0.44Wh
    • Can't find a hit for the 292025 part number, but 302025 looks very similar.
  • Display: PG-9616TSWD
    • 96x16 OLED
    • I2C interface
    • This one is similar
  • Microprocessor: CSR 8670CG
    • Has a lot of capabilites, including onboard DSP and audio output
    • Not much info about programming this device in the public domain
  • 3-Axis Accelerometer: 263 8451 3EAF
    • Comes from NXP.  Datasheet here.
    • Probably Martian was intending to use this accelerometer for fitness tracking, but maybe due to the hit to battery life decided against it.  The watch software and phone companion app makes no use of this hardware that I can tell.
  • Flash memory: MX25U1635E (3R181 000-X)
    • Macronix serial flash, 1.8V, 16 MBit
    • Not clear what the purpose of this flash storage is.  The 8670 micro has 16 Mbit of flash onboard already.
    • Guess: this flash storage is possibly used for holding an updated version of the device firmware, rather than reprogramming the flash storage on the micro?
If I get any farther hacking the watch, I'll have another post about it.

Sunday, February 5, 2017

Moto G4 Root from Linux

Here are the steps I followed to root my Moto G4.  There were some guides on xda that involved reflashing boot.img.  While it seems many have done this with success, flashing the boot.img is not something I like doing and I try to avoid it if at all possible.  The below method will will modify the boot image, but the SuperSU installation script does it for you.  In my opinion this is still risky but perhaps less risky than flashing a boot.img that you found on the internet.

I performed all of the below steps from my Linux machine; there is no need to use Windows.

Unlocking the bootloader is the same as performing a system reset; you will lose all of your data, so make a backup first.

If you brick your phone following these steps, well, that's on you.

Preliminary Steps

  1. Enable developer options on the phone
  2. Inside developer options, enable "OEM Unlocking"
  3. Enable "USB debugging"
  4. On the computer: have the Android SDK installed (at least adb and fastboot utilities)
  5. Back up important data/pictures/etc from the phone.

Unlock Bootloader

Reboot the phone into the bootloader:

wskellenger@marquette ~ $ adb reboot bootloader

See if the device is visible:

wskellenger@marquette ~ $ fastboot devices

no permissions (verify udev rules); see [] fastboot
For me, it was visible but with no permissions.  Try it with root:
wskellenger@marquette ~ $ sudo $(which fastboot) devices

ZY223R9KC9 fastboot

Obtain the unlock (unique to your phone):

wskellenger@marquette ~ $ sudo $(which fastboot) oem get_unlock_data

(bootloader) slot-count: not found
(bootloader) slot-suffixes: not found
(bootloader) slot-suffixes: not found
(bootloader) Unlock data:
(bootloader) 3A45210437945222#
(bootloader) 5A5932323352394B4339004D6F746F2047200000#
(bootloader) 5342C312F53218107391149534B38F6928DBBD07#
(bootloader) C6506801000000000000000000000000
OKAY [  0.103s]
finished. total time: 0.103s

Format the unlock seed:

Copy the output lines and paste them into vim.  Then do:

(note the search/replace command at the bottom)
:%s/(bootloader) //gc

Accept all replacements.  You now have this:

Place your cursor on the first line and type "4gJ" to join all of the lines without spaces:

Get your unlock key from Motorola:

Go here, and paste the string you created above from vim into Motorola's webpage:

A friendly/pleasant (really!) email will arrive with the unlock code:



If you are comfortable with this, unlock it with:

sudo $(which fastboot) oem unlock [your key here]

You have to run the command twice:

Install TWRP

Get what you need

This post from xda-developers describes what you need.

Download the TWRP image

The TWRP image is available here.

Verify image integrity

You should confirm integrity of the download by also downloading the md5 file, and checking that the first few/last few characters of each md5 agree:
wskellenger@marquette ~/Downloads $ md5sum twrp-3.0.2-0-athene.img
1c3ed996a8e978c05bfd25da47eb1e47  twrp-3.0.2-0-athene.img

wskellenger@marquette ~/Downloads $ cat twrp-3.0.2-0-athene.img.md5
1c3ed996a8e978c05bfd25da47eb1e47  twrp-3.0.2-0-athene.img

Use mfastboot to flash the recovery image

mfastboot is a motorola specific fastboot utility.  You can find it on  Use it to flash the recovery image.  Here I'm also updating the logo so I don't have the annoying bright white warning about the unlocked bootloader.

Reboot into TWRP recovery

While you are still in the bootloader, you can use the up/down arrows to highlight "recovery" and the press the power button to go into recovery.

When you see TWRP recovery appear, great!  The updated recovery works.  You can reboot the system and set up your Google account, restore your backups, etc.  Note: you aren't rooted yet.

Install SuperSU

Thanks to this post on XDA.

From the phone's browser, download the SuperSU zip from here:

Shut the phone down, and reboot into TWRP recovery.  Go into the terminal by selecting Advanced-->Terminal.

Inside the terminal, type the following (exactly as written, obeying all spaces, etc.) and press enter:
echo SYSTEMLESS=true>>/data/.supersu

In TWRP, exit the terminal.  Press the home button.  

Install the SuperSU zip from your phone's download directory.  The exact version I used:

Reboot the phone.  

It may reboot itself once after this.  When the phone boots, SuperSU will be in the app list.